/**
 * @author CH_ywx
 * @Date 2023-06-01
 * @Description
 */
package io.xccit.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpSession;

/**
 * @author CH_ywx
 * @Date 2023-06-01
 * @Description user控制层
 */
@Controller
@RequestMapping("/user")
public class UserController {
/*    @GetMapping("/login")
    @ResponseBody
    public String login(String username,String password){
        //获取登录认证对象
        Subject subject = SecurityUtils.getSubject();
        //获取用户信息对象
        AuthenticationToken token = new UsernamePasswordToken(username, password);
        //调用login方法进行认证登陆
        try {
            subject.login(token);
            return "登录成功!";
        } catch (AuthenticationException e) {
            e.getStackTrace();
            return "登录失败!";
        }
    }*/

    /**
     * 定向到login页面
     * @return
     */
    @GetMapping("login")
    public String login(){
        return "login";
    }
    /**
     * 登录校验
     * @param username 用户名
     * @param password 密码
     * @param session session
     * @return 逻辑页面
     */
    @PostMapping("/loginverify")
    public String loginSuccess(String username, String password,
                               @RequestParam(defaultValue = "false") boolean rememberMe,
                               HttpSession session) {
        System.out.println("username:"+username+" password:"+password+" rememberMe:"+rememberMe);
        //获取登录认证对象
        Subject subject = SecurityUtils.getSubject();
        //获取用户信息对象(rememberMe是使用rememberMe功能时添加的)
        AuthenticationToken token = new UsernamePasswordToken(username, password,rememberMe);
        //调用login方法进行认证登陆
        try {
            subject.login(token);
            //将用户信息放入session
            session.setAttribute("user",token.getPrincipal().toString());
            //转发到登录成功页面
            return "main";
        } catch (AuthenticationException e) {
            e.getStackTrace();
            //转发到登录失败页面
            return "error";
        }
    }

    /**
     * 记住我测试
     * @return
     */
    @GetMapping("/rememberMe")
    public String rememberMe(HttpSession session){
        session.setAttribute("user","rememberMe");//如果页面勾选了rememberMe,下次打开浏览器直接请求这个路径页面会显示rememberMe,而不是xccit
        return "main";
    }

    /**
     * 用户角色认证
     * @return ...
     */
    @RequiresRoles("admin") //是否有admin角色
    @GetMapping("/userRoleVerify")
    @ResponseBody
    public String authPrivet(){
        System.out.println("角色认证Controller...");
        return "用户角色信息认证成功!";
    }

    /**
     * 用户角色权限认证
     * @return ...
     */
    @RequiresPermissions({"user:add","user:delete"})//需要认证的权限
    @GetMapping("/userRolePermissionVerify")
    @ResponseBody
    public String authPermissions(){
        System.out.println("用户角色权限认证controller...");
        return "用户角色权限认证成功!";
    }
}
